Certificate-based authentication fails when you use a smart card

First occurrence: 6.0.5

Problem: In a smart card or client certificate authentication environment, Report Builder prompts for a user name and password for data service URLs. Report Builder cannot detect that the environment is secured with a smart card or client certificate, so it expects HTTP basic authorization credentials for data service URLs.

For example, this issue occurs in the following scenario with Microsoft Excel:

Create and save a report in Report Builder that uses CLM applications with smart card or client certificate authentication.

Run the report and export it to Microsoft Excel with live data.

Open the Excel spreadsheet and click Make Results Dynamic. You are prompted to select which user certificate to use for authentication. Select a certificate.

When the certificate validation is successful, Report Builder prompts you for your user name and password.

To resolve this specific scenario, complete the following steps:

Re-export the Microsoft Excel spreadsheet.

Open it and set the basicAuthenticationEnabled=false parameter in the Query URL field on the Run Query sheet. Save the Microsoft Excel document.

Click Make Results Dynamic. You are prompted for a user certificate, after which you should see live data instead of the user name and password prompt.

Workaround

Upgrade to Report Builder version 6.0.6 iFix003 or later.

Add the https.client_cert.enabled=true property to <JTS_installation_directory>/server/conf/rs/app.properties.

Start Report Builder. Newly exported reports should not have this issue.

Licensing errors might occur if you upgrade the Java environment or upgrade applications to version 6.0.5 or later

First occurrence: 6.0.5

Problem: If you upgrade your version of Java to a fix pack that was built after April 2017, or you upgrade an application to version 6.0.5 or later and are using WebSphere Liberty, licensing errors might occur. The errors occur because earlier licenses were signed with the MD5 algorithm, which is now blocked by newer versions of Java.

For example, the License Key Management page for Jazz Team Server might display the following error in the Description field: CRJAZ1236I A development time license is being used. Similarly, the jts.log file might display the following error: CRJAZ0965I The file was not a valid server or client access license activation key.

The latest license files no longer contain the MD5 algorithm because IBM and Oracle Java introduced restrictions on JAR files that are signed with weak algorithms and keys.
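The following added example (not IBM code) shows one way to check, before a Java or server upgrade, whether an archive still carries MD5 signing material. It assumes the license key file is a signed JAR, as the passage implies; the function names are hypothetical and the two sample archives are constructed stand-ins, not real licenses.

```python
import io
import re
import zipfile

# MD5 is the algorithm this page names; extend the set if the
# jdk.jar.disabledAlgorithms policy of your JRE blocks more.
WEAK = {"MD5"}
DIGEST_ATTR = re.compile(rb"^([A-Za-z0-9-]+?)-Digest(?:-Manifest(?:-Main-Attributes)?)?:", re.M)
# DER-encoded OIDs: md5 (1.2.840.113549.2.5), md5WithRSAEncryption (1.2.840.113549.1.1.4)
MD5_OIDS = (bytes.fromhex("06082a864886f70d0205"), bytes.fromhex("06092a864886f70d010104"))

def weak_signature_findings(jar_bytes):
    """Return sorted (entry, reason) pairs for MD5 use in a signed JAR."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            upper = name.upper()
            if not upper.startswith("META-INF/"):
                continue
            data = jar.read(name)
            if upper.endswith((".SF", "MANIFEST.MF")):
                for alg in DIGEST_ATTR.findall(data):
                    if alg.decode().upper() in WEAK:
                        findings.add((name, alg.decode() + " digest attribute"))
            elif upper.endswith((".RSA", ".DSA", ".EC")):
                # Heuristic byte search for the OID, not a full PKCS#7 parse.
                if any(oid in data for oid in MD5_OIDS):
                    findings.add((name, "MD5 OID in signature block"))
    return sorted(findings)

def build_sample(digest_alg, block):
    """Build a constructed archive that stands in for a license JAR."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        manifest = f"Manifest-Version: 1.0\r\n\r\nName: license.properties\r\n{digest_alg}-Digest: AAAA\r\n\r\n"
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("META-INF/SIGNER.SF", f"Signature-Version: 1.0\r\n{digest_alg}-Digest-Manifest: AAAA\r\n\r\n")
        jar.writestr("META-INF/SIGNER.RSA", block)
        jar.writestr("license.properties", "constructed=true\n")
    return buf.getvalue()

# Constructed samples: the signature blocks hold only an AlgorithmIdentifier, not a real signature.
OLD = build_sample("MD5", b"\x30\x0d" + MD5_OIDS[1] + b"\x05\x00")
NEW = build_sample("SHA-256", bytes.fromhex("300d06092a864886f70d01010b0500"))

if __name__ == "__main__":
    for label, jar in (("old", OLD), ("new", NEW)):
        print(label, weak_signature_findings(jar) or "no MD5 found")
```

An archive that reports any finding is one to replace with the updated version from the IBM Rational License Key Center, as described in the workaround.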

Workaround: The licenses in the IBM Rational License Key Center were updated to use a different signature algorithm.

After you upgrade your server to version 6.0.5 or later, obtain the updated licenses from the IBM Rational License Key Center to replace your current licenses. If you previously used floating, token, or authorized user single install licenses, install their updated versions. Your existing user license assignments are kept during the installation of the updated licenses.

Important: If you are not upgrading all applications at the same time, you must apply an interim fix to the applications at earlier versions before you upgrade Jazz Team Server. The following interim fixes contain the compatible version of Java:

If you cannot apply the interim fix before the upgrade, upgrade Jazz Team Server and then complete the steps in the IBM Support flash article. If you do not apply the interim fix or complete the steps in the article, the internal licenses do not load on Jazz Team Server and the applications might experience issues.

To update your current license files, follow the instructions in the Interactive Upgrade Guide or complete the following steps based on the type of license:

For term (floating or authorized user) or token licenses:

Note: For token licenses, you are only required to download the jazztokens.zip file. You do not have to download the license.dat file because it does not contain changes.

Log in to Jazz Team Server, go to jts/admin > Server > License Key Management and note all the licenses on the server.

Links in an exported Word document cause authentication errors

First occurrence: 6.0.4

Problem: If you export a Report Builder report that contains hyperlinks to Microsoft Word, clicking a hyperlink in the exported Word document might fail and cause the following error after you complete the login for CLM: Invalid path to authentication servlet.

Java 7.1 SR4 FP10 is not supported

First occurrence: 6.0.5

Problem: Collaborative Lifecycle Management (CLM) applications that run on WebSphere Application Server Liberty (16.0.0.4 and 17.0.0.2) and that are configured with JRE 7.1 SR4 FP10 might crash. By default, versions 6.0.5 and later include a Java version that is stable.

Ready-to-use reports might have untranslated columns when exported to another format

First occurrence: 6.0.4

Problem: When you export a ready-to-use report to another format (for example, Microsoft Word or PDF) in a non-English locale, the report might include extra non-translated columns. These reports often contain extra variables that are not displayed in Report Builder. When the report is exported, these hidden query variables are displayed as additional columns in the report and are not translated.